Jump to content


Photo

[gentoo-announce] [ GLSA 201308-06 ] MySQL: Multiple vulnerabilities


  • Please log in to reply
No replies to this topic

#1 News

News

    stranger

  • Members
  • 67050 posts

Posted 29 August 2013 - 11:14 AM

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: MySQL: Multiple vulnerabilities
Date: August 29, 2013
Bugs: #399375, #411503, #412889, #417989, #445602, #462498,
#466236, #477474
ID: 201308-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MySQL, allowing attackers
to execute arbitrary code or cause Denial of Service.

Background
==========

MySQL is a fast, multi-threaded, multi-user SQL database server.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/mysql < 5.1.70 >= 5.1.70

Description
===========

Multiple vulnerabilities have been discovered in MySQL. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could send a specially crafted request, possibly
resulting in execution of arbitrary code with the privileges of the
application or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-5.1.70"

References
==========

[ 1 ] CVE-2011-2262
http://nvd.nist.gov/...e=CVE-2011-2262
[ 2 ] CVE-2012-0075
http://nvd.nist.gov/...e=CVE-2012-0075
[ 3 ] CVE-2012-0087
http://nvd.nist.gov/...e=CVE-2012-0087
[ 4 ] CVE-2012-0101
http://nvd.nist.gov/...e=CVE-2012-0101
[ 5 ] CVE-2012-0102
http://nvd.nist.gov/...e=CVE-2012-0102
[ 6 ] CVE-2012-0112
http://nvd.nist.gov/...e=CVE-2012-0112
[ 7 ] CVE-2012-0113
http://nvd.nist.gov/...e=CVE-2012-0113
[ 8 ] CVE-2012-0114
http://nvd.nist.gov/...e=CVE-2012-0114
[ 9 ] CVE-2012-0115
http://nvd.nist.gov/...e=CVE-2012-0115
[ 10 ] CVE-2012-0116
http://nvd.nist.gov/...e=CVE-2012-0116
[ 11 ] CVE-2012-0117
http://nvd.nist.gov/...e=CVE-2012-0117
[ 12 ] CVE-2012-0118
http://nvd.nist.gov/...e=CVE-2012-0118
[ 13 ] CVE-2012-0119
http://nvd.nist.gov/...e=CVE-2012-0119
[ 14 ] CVE-2012-0120
http://nvd.nist.gov/...e=CVE-2012-0120
[ 15 ] CVE-2012-0484
http://nvd.nist.gov/...e=CVE-2012-0484
[ 16 ] CVE-2012-0485
http://nvd.nist.gov/...e=CVE-2012-0485
[ 17 ] CVE-2012-0486
http://nvd.nist.gov/...e=CVE-2012-0486
[ 18 ] CVE-2012-0487
http://nvd.nist.gov/...e=CVE-2012-0487
[ 19 ] CVE-2012-0488
http://nvd.nist.gov/...e=CVE-2012-0488
[ 20 ] CVE-2012-0489
http://nvd.nist.gov/...e=CVE-2012-0489
[ 21 ] CVE-2012-0490
http://nvd.nist.gov/...e=CVE-2012-0490
[ 22 ] CVE-2012-0491
http://nvd.nist.gov/...e=CVE-2012-0491
[ 23 ] CVE-2012-0492
http://nvd.nist.gov/...e=CVE-2012-0492
[ 24 ] CVE-2012-0493
http://nvd.nist.gov/...e=CVE-2012-0493
[ 25 ] CVE-2012-0494
http://nvd.nist.gov/...e=CVE-2012-0494
[ 26 ] CVE-2012-0495
http://nvd.nist.gov/...e=CVE-2012-0495
[ 27 ] CVE-2012-0496
http://nvd.nist.gov/...e=CVE-2012-0496
[ 28 ] CVE-2012-0540
http://nvd.nist.gov/...e=CVE-2012-0540
[ 29 ] CVE-2012-0553
http://nvd.nist.gov/...e=CVE-2012-0553
[ 30 ] CVE-2012-0572
http://nvd.nist.gov/...e=CVE-2012-0572
[ 31 ] CVE-2012-0574
http://nvd.nist.gov/...e=CVE-2012-0574
[ 32 ] CVE-2012-0578
http://nvd.nist.gov/...e=CVE-2012-0578
[ 33 ] CVE-2012-0583
http://nvd.nist.gov/...e=CVE-2012-0583
[ 34 ] CVE-2012-1492
http://nvd.nist.gov/...e=CVE-2012-1492
[ 35 ] CVE-2012-1623
http://nvd.nist.gov/...e=CVE-2012-1623
[ 36 ] CVE-2012-1688
http://nvd.nist.gov/...e=CVE-2012-1688
[ 37 ] CVE-2012-1689
http://nvd.nist.gov/...e=CVE-2012-1689
[ 38 ] CVE-2012-1690
http://nvd.nist.gov/...e=CVE-2012-1690
[ 39 ] CVE-2012-1696
http://nvd.nist.gov/...e=CVE-2012-1696
[ 40 ] CVE-2012-1697
http://nvd.nist.gov/...e=CVE-2012-1697
[ 41 ] CVE-2012-1702
http://nvd.nist.gov/...e=CVE-2012-1702
[ 42 ] CVE-2012-1703
http://nvd.nist.gov/...e=CVE-2012-1703
[ 43 ] CVE-2012-1705
http://nvd.nist.gov/...e=CVE-2012-1705
[ 44 ] CVE-2012-1734
http://nvd.nist.gov/...e=CVE-2012-1734
[ 45 ] CVE-2012-2102
http://nvd.nist.gov/...e=CVE-2012-2102
[ 46 ] CVE-2012-2122
http://nvd.nist.gov/...e=CVE-2012-2122
[ 47 ] CVE-2012-2749
http://nvd.nist.gov/...e=CVE-2012-2749
[ 48 ] CVE-2012-3150
http://nvd.nist.gov/...e=CVE-2012-3150
[ 49 ] CVE-2012-3158
http://nvd.nist.gov/...e=CVE-2012-3158
[ 50 ] CVE-2012-3160
http://nvd.nist.gov/...e=CVE-2012-3160
[ 51 ] CVE-2012-3163
http://nvd.nist.gov/...e=CVE-2012-3163
[ 52 ] CVE-2012-3166
http://nvd.nist.gov/...e=CVE-2012-3166
[ 53 ] CVE-2012-3167
http://nvd.nist.gov/...e=CVE-2012-3167
[ 54 ] CVE-2012-3173
http://nvd.nist.gov/...e=CVE-2012-3173
[ 55 ] CVE-2012-3177
http://nvd.nist.gov/...e=CVE-2012-3177
[ 56 ] CVE-2012-3180
http://nvd.nist.gov/...e=CVE-2012-3180
[ 57 ] CVE-2012-3197
http://nvd.nist.gov/...e=CVE-2012-3197
[ 58 ] CVE-2012-5060
http://nvd.nist.gov/...e=CVE-2012-5060
[ 59 ] CVE-2012-5096
http://nvd.nist.gov/...e=CVE-2012-5096
[ 60 ] CVE-2012-5611
http://nvd.nist.gov/...e=CVE-2012-5611
[ 61 ] CVE-2012-5612
http://nvd.nist.gov/...e=CVE-2012-5612
[ 62 ] CVE-2012-5613
http://nvd.nist.gov/...e=CVE-2012-5613
[ 63 ] CVE-2012-5614
http://nvd.nist.gov/...e=CVE-2012-5614
[ 64 ] CVE-2012-5615
http://nvd.nist.gov/...e=CVE-2012-5615
[ 65 ] CVE-2012-5627
http://nvd.nist.gov/...e=CVE-2012-5627
[ 66 ] CVE-2013-0367
http://nvd.nist.gov/...e=CVE-2013-0367
[ 67 ] CVE-2013-0368
http://nvd.nist.gov/...e=CVE-2013-0368
[ 68 ] CVE-2013-0371
http://nvd.nist.gov/...e=CVE-2013-0371
[ 69 ] CVE-2013-0375
http://nvd.nist.gov/...e=CVE-2013-0375
[ 70 ] CVE-2013-0383
http://nvd.nist.gov/...e=CVE-2013-0383
[ 71 ] CVE-2013-0384
http://nvd.nist.gov/...e=CVE-2013-0384
[ 72 ] CVE-2013-0385
http://nvd.nist.gov/...e=CVE-2013-0385
[ 73 ] CVE-2013-0386
http://nvd.nist.gov/...e=CVE-2013-0386
[ 74 ] CVE-2013-0389
http://nvd.nist.gov/...e=CVE-2013-0389
[ 75 ] CVE-2013-1502
http://nvd.nist.gov/...e=CVE-2013-1502
[ 76 ] CVE-2013-1506
http://nvd.nist.gov/...e=CVE-2013-1506
[ 77 ] CVE-2013-1511
http://nvd.nist.gov/...e=CVE-2013-1511
[ 78 ] CVE-2013-1512
http://nvd.nist.gov/...e=CVE-2013-1512
[ 79 ] CVE-2013-1521
http://nvd.nist.gov/...e=CVE-2013-1521
[ 80 ] CVE-2013-1523
http://nvd.nist.gov/...e=CVE-2013-1523
[ 81 ] CVE-2013-1526
http://nvd.nist.gov/...e=CVE-2013-1526
[ 82 ] CVE-2013-1531
http://nvd.nist.gov/...e=CVE-2013-1531
[ 83 ] CVE-2013-1532
http://nvd.nist.gov/...e=CVE-2013-1532
[ 84 ] CVE-2013-1544
http://nvd.nist.gov/...e=CVE-2013-1544
[ 85 ] CVE-2013-1548
http://nvd.nist.gov/...e=CVE-2013-1548
[ 86 ] CVE-2013-1552
http://nvd.nist.gov/...e=CVE-2013-1552
[ 87 ] CVE-2013-1555
http://nvd.nist.gov/...e=CVE-2013-1555
[ 88 ] CVE-2013-1566
http://nvd.nist.gov/...e=CVE-2013-1566
[ 89 ] CVE-2013-1567
http://nvd.nist.gov/...e=CVE-2013-1567
[ 90 ] CVE-2013-1570
http://nvd.nist.gov/...e=CVE-2013-1570
[ 91 ] CVE-2013-2375
http://nvd.nist.gov/...e=CVE-2013-2375
[ 92 ] CVE-2013-2376
http://nvd.nist.gov/...e=CVE-2013-2376
[ 93 ] CVE-2013-2378
http://nvd.nist.gov/...e=CVE-2013-2378
[ 94 ] CVE-2013-2381
http://nvd.nist.gov/...e=CVE-2013-2381
[ 95 ] CVE-2013-2389
http://nvd.nist.gov/...e=CVE-2013-2389
[ 96 ] CVE-2013-2391
http://nvd.nist.gov/...e=CVE-2013-2391
[ 97 ] CVE-2013-2392
http://nvd.nist.gov/...e=CVE-2013-2392
[ 98 ] CVE-2013-2395
http://nvd.nist.gov/...e=CVE-2013-2395
[ 99 ] CVE-2013-3802
http://nvd.nist.gov/...e=CVE-2013-3802
[ 100 ] CVE-2013-3804
http://nvd.nist.gov/...e=CVE-2013-3804
[ 101 ] CVE-2013-3808
http://nvd.nist.gov/...e=CVE-2013-3808

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gent...a-201308-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security ( -at -) gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommo...enses/by-sa/2.5







0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

IPB Skin By Virteq